LUA in Longhorn (part 1)

While some of the advertised features of Longhorn have fallen off of the table, enhanced LUA capability remains. The specifics of this capability are beginning to appear. One change is the deprecation of the Power Users group.

This group effectively gives the user administrator rights, and has therefore been deprecated in order to simplify the security model. This is a good thing, as Power Users is nothing more than a false sense of security. There are now only least privilege (LUA) and administrator accounts. These apply to both services and interactive accounts.

The name least privilege/LUA is a bit of a misnomer in this case, as it certainly isn't "no privilege" and it isn't "least" if an application/task really requires administrator privileges. Least privilege implies that you run with the least privilege required to complete an authorized task, but in this case a LUA account may not have that level of permission.

If a LUA account runs an application that then attempts to access resources that are denied, Longhorn attempts to prevent the application from breaking by providing a virtual sandbox in which the application can play. This is called Application Impact Management (AIM) and will be the subject of a future post.